More than 100M attacks detected on smart devices in first half of 2019

Kaspersky honeypots – networks of virtual copies of various Internet-connected devices and applications – have detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of the year.

The
figure is around nine times more than the number found in the first half of 2018,
when only around 12 million attacks were spotted originating from 69,000 IP
addresses.

Capitalizing
on weak security of Internet of Things (IoT) products, cybercriminals are
intensifying their attempts to create and monetize IoT botnets. This and other
findings are a part of the ‘IoT: a malware story’ report on honeypot activity
in the first half of 2019 (H1 2019).

Cyberattacks
on IoT devices are booming, as even though more and more people and
organizations are purchasing ‘smart’ (network-connected and interactive)
devices, such as routers or DVR security cameras, not everybody considers them
worth protecting.

Cybercriminals,
however, are seeing more and more financial opportunities in exploiting such
gadgets. They use networks of infected smart devices to conduct DDoS attacks or
as a proxy for other types of malicious actions.

To
learn more about how such attacks work and how to prevent them, Kaspersky
experts set up honeypots — decoy devices used to attract the attention of
cybercriminals and analyze their activities.

Based
on data analysis collected from honeypots, attacks on IoT devices are usually
not sophisticated, but stealth-like, as users might not even notice their
devices are being exploited. The malware family behind 39% of attacks — Mirai —
is capable of using exploits, meaning that these botnets can slip through old,
unpatched vulnerabilities to the device and control it.

Another
technique is password brute-forcing, which is the chosen method of the second
most widespread malware family in the list – Nyadrop.

Nyadrop
was seen in 38.57% of attacks and often serves as a Mirai downloader. This
family has been trending as one of the most active threats for a couple of
years now. The third most common botnet threatening smart devices — Gafgyt
with 2.12% – also uses brute-forcing.

The
researchers were also able to identify the locations where most infections were
discovered to have originated during the first six months of 2019.

Topping
the list of sources of infections is China, with 30% of all attacks
taking place from this country, second is Brazil with 19%, followed by Egypt with 12%. In the same
period last year, the situation was different with 28% detected from Brazil, 14% from China and 11% from Japan.

“As
people become more and more surrounded by smart devices, we are witnessing how
IoT attacks are intensifying,” said Dan Demeter, security researcher at
Kaspersky

“Judging
by the increased number of attacks and criminals’ persistence, we can say that
IoT is a fruitful area for attackers that use even the most primitive methods,
like guessing passwords and login combinations. This is much easier than most
people think: the most common combinations by far are usually
“support/support”, followed by “admin/admin”, “default/default”. It’s quite
easy to change the default password, so we urge everyone to take this simple
step towards securing your smart devices”.

To
keep your devices safe, Kaspersky recommends users to:

Install updates for the firmware you use as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.

Always change preinstalled passwords. Use complicated passwords that include both capital and lowercase letters, numbers and symbols if it’s possible.

Reboot a device as soon as you think it’s acting strangely. It might help get rid of existing malware, but this doesn’t reduce the risk of getting another infection.

Keep access to IoT devices restricted by a local VPN, allowing you to access them from your “home” network, instead of publicly exposing them on the internet.

We strive to bring to local readers all the ICT news and product information relevant to the Philippines. We seek to cover the whole ICT spectrum — from consumer to the enterprise. READ MORE ABOUT NEWSBYTES.PH